Generate keys more carefully, so that when the user asks for an n-bit

key they always get an n-bit number instead of n-1. The latter was perfectly harmless but kept confusing users. [originally from svn r9421]
2025-07-01 03:22:48 -05:00 · 2012-03-04 00:24:49 +00:00
parent e59f1ac827
commit 9604c2b367
4 changed files with 57 additions and 9 deletions
--- a/sshdssg.c
+++ b/sshdssg.c
@ -9,6 +9,7 @@ int dsa_generate(struct dss_key *key, int bits, progfn_t pfn,
 		 void *pfnparam)
 {
    Bignum qm1, power, g, h, tmp;
+    unsigned pfirst, qfirst;
    int progress;

    /*
@ -70,15 +71,16 @@ int dsa_generate(struct dss_key *key, int bits, progfn_t pfn,

    pfn(pfnparam, PROGFN_READY, 0, 0);

+    invent_firstbits(&pfirst, &qfirst);
    /*
     * Generate q: a prime of length 160.
     */
-    key->q = primegen(160, 2, 2, NULL, 1, pfn, pfnparam);
+    key->q = primegen(160, 2, 2, NULL, 1, pfn, pfnparam, qfirst);
    /*
     * Now generate p: a prime of length `bits', such that p-1 is
     * divisible by q.
     */
-    key->p = primegen(bits-160, 2, 2, key->q, 2, pfn, pfnparam);
+    key->p = primegen(bits-160, 2, 2, key->q, 2, pfn, pfnparam, pfirst);

    /*
     * Next we need g. Raise 2 to the power (p-1)/q modulo p, and